How to encrypt your Android phone

Almost all modern Android phones support encryption, but only a tiny fraction actually use it. That’s because the vast majority of phones don’t have encryption enabled out of the box, and the vast majority of users never bother altering the default settings. Google didn’t even make encryption a requirement until Android 6.0 Marshmallow, and even now it’s only mandatory for phones that meet certain hardware requirements.

Only 2.3 percent of Android phones are running the latest version, Marshmallow, and only an estimated 10 percent of Android phones around the world are encrypted, according to Ars Technica.

My phone has a lock screen. Isn’t it already encrypted?

Setting a lock screen pattern, PIN, or password does not mean an Android phone is encrypted. Accessing data on an unencrypted, locked phone is a fairly simple process; all that’s really needed is a USB cable. When a phone is encrypted, all of a phone’s data is protected before it even boots up.

Why encrypt?

Privacy and security are the main reasons to encrypt a phone. If you have sensitive files on your device, for example, it might be a good idea to encrypt. This prevents hackers, thieves, corporations, and even law enforcement from gaining access to the content of your phone. Without the master password, decrypting the phone is a monumental undertaking. Remember when the FBI wanted access to the San Bernardino shooter’s iPhone?

Can my phone handle it?

After you encrypt your phone, it will likely take a performance hit. How much of a slowdown you experience depends largely on the phone itself. A newer high-end phone with a 64-bit ARM processor will typically see less than a 10 percent loss in performance, but older and cheaper phones could suffer a much larger impact. This should be a major consideration when deciding whether to encrypt your phone.

In our tests, I encrypted a 16GB Moto G3 running Android Marshmallow. The Qualcomm Snapdragon 410 processor has both 32-bit and 64-bit compatibility. The phone ships running a 32-bit Lollipop (5.1), and after upgrading it to Marshmallow it still runs on 32-bit. The Moto G3 is a newer low-to-mid tier Android phone. This is my day-to-day phone and it’s about eight months old.

I used two separate benchmarking apps to test performance before and after encryption, and to be frank, the difference was insignificant. The scores were nearly identical, and I didn’t notice a drastic difference in app or media loading times, or any other side effects. This leads us to believe that you should be okay encrypting newer phones with Qualcomm processors, even on more budget-minded models.

Caveats to consider

Besides performance, you should consider a few other factors before encrypting your Android phone.

It’s not foolproof. In particular, Android phones are known to be vulnerable to cold boot attacks, in which the phone is placed in a freezer and then accessed with special software that reads data out of the RAM. The encryption key is stored in the phone’s RAM, so a skilled hacker could theoretically decrypt the phone this way.

Depending on your phone, you might have to set a password on your lockscreen and may no longer be able to use PIN or pattern. This will be a deal breaker for some, as typing in an ASCII password can be quite an inconvenience compared to a quick swipe of the finger. This was not the case with the Moto G3 we tested, on which we could still use the swipe pattern.

If your phone has an SD card slot, consider encrypting the SD card but not the internal memory, or vice versa. This allows you to quickly access unencrypted data on one while keeping more sensitive materials protected on the other, softening the blow to performance.

Booting up will take a lot longer, at least twice as long as it takes your phone to start up without encryption. Even on higher-end devices, starting up an encrypted phone can take around 5 minutes.

After you encrypt an SD card, you can only access it from the phone. You will no longer be able to take it out, put it in a card reader, and plug it into your computer. Only your phone has the encryption key, so only your phone can access the files on the encrypted SD card.

Disk encryption does what it says. It encrypts the files in your phone’s memory. It does not encrypt internet traffic in any way, so do not expect it to protect you from online snoops, trackers, spies, or hackers. For that, we recommend a VPN.

The only way to undo the encryption process is by performing a factory reset, which will delete all the files and apps on your phone. Be sure to back up everything if you decide to revert to an unencrypted device.

How to encrypt your Android phone

If you’ve weighed all the above considerations and are certain you wish to encrypt your phone, follow these steps for Android Marshmallow:

1) Go to Settings > Security > Encrypt Phone

2) The phone’s battery must be charged to at least 80 percent, and the charging cable plugged in. Then tap “Encrypt phone”. Type your PIN or enter your swipe pattern, and confirm the encryption.

3) Once the encryption process has started, do not interrupt it. Your phone will restart when finished.

4) Once the phone is ready to boot, you’ll be prompted to enter your PIN, password, or swipe code before it will start up. This will be the case every time you restart your phone from now on.
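
To check the step 2 preconditions and confirm the result from a computer, the script below reads the phone's battery report and its `ro.crypto.state` property over adb. It is an added example, not part of the original article; it assumes adb is installed and USB debugging is enabled, and the `--device` flag and the sample output are this example's own.

```shell
#!/bin/sh
# Constructed sample of `adb shell dumpsys battery` output (not from a real phone):
SAMPLE_BATTERY='Current Battery Service state:
  AC powered: false
  USB powered: true
  status: 2
  level: 83'

# Print the integer after "level:". adb output can carry CR line endings, so strip them.
battery_level() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk -F': *' '$1 ~ /^ *level$/ { print $2; exit }'
}

# Succeed if the phone reports a cable power source (AC or USB).
is_plugged_in() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Eq '^ *(AC|USB) powered: true$'
}

# Step 2 precondition: at least 80 percent charge and the charger connected.
ready_to_encrypt() {
    lvl=$(battery_level "$1")
    [ -n "$lvl" ] && [ "$lvl" -ge 80 ] 2>/dev/null && is_plugged_in "$1"
}

# Map the value of the ro.crypto.state property to a verdict.
crypto_summary() {
    case "$(printf '%s' "$1" | tr -d '\r\n ')" in
        encrypted)   echo "encrypted" ;;
        unencrypted) echo "not encrypted" ;;
        *)           echo "unknown" ;;
    esac
}

# "--device" queries a connected phone; without it the constructed samples are used.
if [ "${1:-}" = "--device" ]; then
    battery=$(adb shell dumpsys battery)
    state=$(adb shell getprop ro.crypto.state)
else
    battery=$SAMPLE_BATTERY
    state='unencrypted'   # constructed sample value
fi
echo "Encryption state: $(crypto_summary "$state")"
if ready_to_encrypt "$battery"; then
    echo "Battery at $(battery_level "$battery")% and on charger: ready to start"
else
    echo "Charge to at least 80% and plug in the charger first"
fi
```

Run it once before step 1 and again after the phone has rebooted in step 4; the second run should report "encrypted".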

How to encrypt your SD card

Some but not all Android phones allow users to encrypt SD cards. The process is similar to the internal storage encryption process above. Just go to Settings > Security > Encrypt external SD card. You can choose whether or not to encrypt multimedia files like photos and videos.

If you’re deciding whether to encrypt your SD card or your internal storage, consider that decrypting the former is much simpler than decrypting the latter. Decrypting an SD card does not require a factory reset. Depending on how you view it, this could be a pro or a con: decryption is easier both for you and for law enforcement or hackers.

Note that if you encrypt your SD card and later on want to perform a factory reset on your phone, be sure to decrypt the SD card first. When you perform a factory reset, the encryption key will be deleted along with everything else, preventing you from accessing any files left encrypted on the SD card.

An alternative to full disk encryption

Full disk encryption is one method of protecting data stored on your phone, but another less nuclear option exists as well. Instead of encrypting the entire phone, you can also encrypt specific files with an app. This method is useful if you want to protect specific files or folders, but aren’t so concerned about the rest, and you don’t want to deal with the hassle and performance hit of a full disk encryption.

Several apps allow you to encrypt on a file-by-file basis in this way. Boxcryptor, Viivo, nCrypted Cloud, Sookasa, and CloudFogger are all multi-platform options with Android apps. Some allow you to encrypt files in place, while others create a new folder, and everything put inside that folder is automatically encrypted. Learn more about these handy encryption apps here.

Is encryption legal?

In most countries, encrypting computers and phones is 100 percent legal. As a matter of fact, encryption can even add a legal layer of security. In the US and Canada, for instance, police can search an unencrypted phone without a warrant, but not an encrypted phone. US citizens cannot be compelled to give up passwords, but UK citizens can be, under the Key Disclosure Law.